Using it as a start plus some googling, and the strong support from Brian Park, Anthony MULLER and Ludek Uher I´ve came up with a mehod that works, at least for me and hope it does too to someone else.

I´m using pure Javascript (no AJAX calls nor JQuery). I was able to overcome the CORS problem using a HTTP Request header ‘X-PINGARUNER’ with the value ‘pingpong’ which allowed me to make the HTTP requests from within an outside WEB Server without running in a security issue (this was tested in IE, Google Chrome and Firefox).

All the tests were made from within my company´s Firewall and the HTTP calls aimed our corporate BO Server.

Before starting with a very simple sample, I would like to address some points :

Pay extremely atention to ‘Content-Type’ and ‘Accept’ request headers (the first is related with the request body of your call – how is the data type of it – and the former from the response body – in which format data will be returned).

Stick to the manual to the types. If you receive an internal error

WSR 00999

This is an internal error.

from your call, chances are the types of ‘Content-Type’ or ‘Accept’ are incorrect.

Each time you send a call to request a logon token, you´re logging in the BO Server, and consuming a concurrent session. So, if your code has na error and it halts, without logging off, you will continue connected to the server.

Calling the script again will make you be connected twice. I read somewhere that the timeout to a logon token is 1 hour.

Okay, let´s start with my sample.

The task to be accomplished here is to return the list and definition of the variables in a WEBI doc.

The first thing to do when using the Restful API is to retrieve a logon token which will be used in all subsequente requests.

What I do here is create na XMLHTTPRequest and set its parameters (url, setRequestHeaders), note in the requestHeaders, the use of the X-PINGARUNER to avoid the security issue and the Content-Type and Accept. Than you call invocation.send which will do the call. Since this request requires data to be sent to the server (user, password and authentication) , this is made passing the variable body (which is the XML containing the data ) to the send method of invocation.

invocation.send(body)

Next step is to retrieve the logon token from the response, this is done by retrieving the response header ‘X-SAP-LogonToken’. This header comes URL encoded, so you have to decode it in order to use it further.

token =decodeURI(invocation.getResponseHeader(‘X-SAP-LogonToken’));

All the requests to a WEBI document are made through the documents id ,which is the unique identifier of a document. In order to find any documents id, go to I Launch PAD , right click on the document and choose Properties . In the bellow Picture, the documents id is highlighted in blue

This request will return, in docum.responseXML the XML document containing the information of the variables in the WEBI document, like this :

<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>

<variables>

<variable qualification=”Dimension” dataType=”String”>

<id>L5E</id>

<name>String Fillter </name>

</variable>

<variable qualification=”Dimension” dataType=”String”>

<id>L5B</id>

<name>V2_STATUS</name> </variable>

…

This gives me the listo f variables (name, id and datatype). To get the formula and description of the variables, I´ll have to loop through the list the variables and make another request for each variables in the list :

This will end this first blog post. I hope things are clear. Any suggestion, comments or doubts will be much appreciated. I would like to thank Brian Park ,Anthony MULLER and Ludek Uher as well as the community for its support.